pfSense is a good choice. There are a couple of similar things in the area, but pfSense is a well-tested one by several organizations. Along with that, it is based on a BSD system rather than Linux, which gives you more stability and security, I believe.

It has become appallingly obvious that our technology has exceeded our humanity.

It's nice to be able to watch all incoming and outgoing connections on the perimeter. The default rules that came with the install were sufficient for me to watch the traffic for a while... I wrote a few custom chains to block some unrecognized connections. Tons of features in this little box, it's pretty cool.

Now it is time to implement the DMZ. I need to collect some equipment beforehand... Catalyst 2950, patch cables, and another NIC for the webserver. Still playing with the idea of running my own DNS servers... virtualization could help there... need more research though.

Once I've configured the new network, I'll post up any tricks or configuration tips I find. Hopefully they will help another soul walking down this path. Thanks for the suggestions!